Survey highlights bots, account takeover, third-party scripts, and audience hijacking
On August 24, Akamai Technologies, Inc. (NASDAQ: AKAM) released the results of a new survey of IT and security professionals on the prevalence and effectiveness of specialized third-party solutions that combat the challenges of malicious bots, account takeover (ATO), third-party scripts, and audience hijacking.
From Bad Bots to Malicious Scripts: The Effectiveness of Specialized Defenses found that not only are these protective technologies prevalent, but the companies using them have seen significant, quantifiable improvement in their ability to mitigate risk and prevent damage to their organizations and customers.
Akamai partnered with Foundry on the report, which surveyed more than 300 global IT and security decision-makers. Respondents were asked about the solutions they had in place for four broad categories of fraud and abuse: malicious bots, ATO attacks, script risks, and audience hijacking.
Almost nine out of 10 respondents (89 percent) use third-party solutions or a combination of third-party and in-house solutions to combat malicious bots. Nearly all (97 percent) reported an improvement in their efforts to combat bots, with more than half (54 percent) of those using third-party solutions indicating their cybersecurity capabilities have improved significantly since deployment. Of those who saw significant improvement, the top three capabilities and gains most frequently mentioned were:
The ability to handle high heat events and surges in traffic (47 percent)
An improvement in marketing effectiveness (42 percent)
The ability to balance security controls with performance optimization (41 percent)
Account takeover (ATO)
More than three-quarters (79 percent) of respondents said their businesses had been targeted by ATO attacks in the past 12 months. Two-thirds of survey takers said that their cybersecurity capabilities had significantly improved since deploying specialized ATO defenses, while 31 percent said they had somewhat improved. The most frequently reported gains by those who saw significant improvement were:
The ability to detect fraudulent or suspicious activity (44 percent)
Visibility into indicators of account compromise (41 percent)
The ability to detect fraudulent or suspicious logins (39 percent)
More than eight in 10 (81 percent) respondents said their organizations have been targeted by suspicious script behavior within the past 12 months. Essentially all (98 percent) of those using third-party specialized script protection solutions say their cybersecurity capabilities have improved at least somewhat since their deployment. More specifically, 71 percent of those using third-party solutions saw a significant reduction in abusive script behaviors, with another 24 percent seeing moderate reduction. Of those who saw significant improvement, the three most frequently reported gains were:
The ability to detect compromised first and third-party scripts (38 percent)
The ability to prioritize events that require investigation (38 percent)
The ability to meet compliance requirements (38 percent)
Just over one-quarter (26 percent) of survey takers said their organizations have been impacted by audience hijacking tactics. According to the report, those who had experienced audience hijacking said the top two effects on their businesses were increased cart abandonment (43 percent) and increased affiliate fraud (41 percent).
“Malicious bots, scripts, and ATO attacks are pervasive and will continue to pose ever greater challenges for commerce organizations as digital innovation and investment drives competitive advantage and customer loyalty,” said Patrick Sullivan, VP and CTO, Akamai Security Strategy. “From Bad Bots to Malicious Scripts: The Effectiveness of Specialized Defenses finds that third-party specialized defenses address unique challenges and offer exceptional effectiveness at mitigating and reducing the risk from online threats.”
From Bad Bots to Malicious Scripts: The Effectiveness of Specialized Defenses includes regional breakdowns for the United States, Europe and Asia-Pacific. Highlights include:
Nine in 10 organizations said they’d been targeted by ATO attacks within the past year, the highest rate of all three regions. More than 9 in 10 (93 percent) have deployed a specialized ATO solution — higher than the overall response rate (83 percent).
The U.S. faces the highest rate of bot attacks, with 88 percent having experienced an attack in the past year (well above the 75 percent overall response), and nearly all U.S. organizations (96 percent) have a specialized solution in place.
Almost every respondent (94 percent) was affected by suspicious script behavior over the prior 12 months.
The majority of U.S. respondents (94 percent) are aware of audience hijacking and nearly 4 in 10 (39 percent) said they have been impacted by it (well above the overall rate of 26 percent).
Just under three-quarters (73 percent) of organizations said they’d been targeted by ATO attacks within the past year, slightly less than the overall response (78 percent).
Nearly three-quarters (73 percent) of European respondents experienced bot attacks, a significant figure though slightly less than the 75 percent overall rate.
Europe had the lowest rate (72 percent) of organizations targeted by suspicious script behavior. Nearly all European organizations (94 percent) use specialized script protection solutions, higher than the 85 percent overall rate.
Most European respondents (92 percent) are aware of audience hijacking, but only 13 percent said they’ve been affected by it, the lowest rate and below the 26 percent overall rate.
The ATO threat environment is high in this region, with 73 percent saying they’ve been attacked in the previous 12 months (lower than the overall rate of 78 percent). APAC has the lowest rate of deployment for ATO solutions at 60 percent (much lower than the 83 percent overall rate).
Only 64 percent of APAC respondents experienced bot attacks in the previous 12 months (compared to 75 percent overall).
Malicious scripts are a serious problem in APAC, with 78 percent saying they’ve been targeted, which is just a bit less than the overall rate of 81 percent. But only 67 percent use specialized script protection solutions, the lowest rate and well below the 85 percent overall rate.
Essentially all (92 percent) APAC organizations are aware of audience hijacking, while 26 percent said they have been affected by it.